Elevation of Privilege Vulnerability in Windows Disk Cleanup Tool by Microsoft
CVE-2025-21420

7.8HIGH

Key Information:

Vendor
Microsoft
Status
Windows Server 2022
Windows Server 2019 (server Core Installation)
Windows 10 Version 21h2
Windows 11 Version 22h2
Vendor
CVE Published:
11 February 2025

Badges

📈 Score: 1,060👾 Exploit Exists🟡 Public PoC📰 News Worthy

What is CVE-2025-21420?

CVE-2025-21420 is an elevation of privilege vulnerability found in the Microsoft Windows Disk Cleanup Tool. This tool, designed to help users free up space on their hard drives by removing unnecessary files, contains a flaw that could allow attackers to gain higher access levels than intended. If exploited, this vulnerability could enable unauthorized users to execute malicious actions within the operating system, potentially compromising the integrity and security of the entire system. Organizations relying on this software for disk management may face significant risks, particularly if sensitive data is handled on the affected systems.

Technical Details

CVE-2025-21420 is categorized as an elevation of privilege vulnerability, which occurs when an attacker is granted elevated permissions that should, under normal circumstances, be inaccessible. This flaw could be triggered through a specific set of actions that exploit weaknesses in the Windows Disk Cleanup Tool. The details surrounding the exact technical mechanism of exploitation have not been fully disclosed, but the risk involves potential abuse of the tool's functionality to manipulate system privileges.

Potential impact of CVE-2025-21420

  1. Unauthorized System Control: Exploiting this vulnerability may allow attackers to execute commands and carry out actions that should only be permitted to higher-privileged users or administrators. This could lead to unauthorized changes in system configurations or unauthorized access to sensitive data.

  2. Data Breaches: With elevated privileges, an attacker could potentially access confidential files or databases, leading to significant data breaches. This encompasses both personally identifiable information and critical business data that could harm an organization’s reputation or violate regulatory requirements.

  3. Propagation of Malware: The elevation of privilege afforded by this vulnerability could also enable attackers to install malicious software or ransomware, further jeopardizing the security of the affected systems and possibly spreading to connected networks or devices. This could lead to extensive operational disruptions and financial losses for organizations.

Affected Version(s)

Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.20915

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.7785

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.6893

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-21420-PoC
Created by Network-Sec

News Articles

favicon imageGBHackers News

Windows Disk Cleanup Tool Exploit Allows SYSTEM Privilege Escalation

Microsoft has urgently addressed a high-severity privilege escalation vulnerability (CVE-2025-21420) in the Windows Disk Cleanup Utility (cleanmgr.exe).

2 days ago

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 📰

    First article discovered by GBHackers News

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.